Sky under accusation: risks for an exploit of $756 million in USDC reserves

Sky, previously MakerDAO, faces criticism for using an EOA wallet to manage $756 million in USDC reserves. The choice raises questions about the security of the funds and the transparency of the protocol.

Let’s see all the details in this article. 

Exploit: the transition to Sky’s PSM Lite raises criticisms and concerns

The cryptocurrency world is buzzing over recent criticism directed at Sky, formerly MakerDAO, for its approach to managing large reserves of USDC.

The protocol, which has recently completed its rebranding, uses an externally owned account (EOA) to manage 756 million dollars within its peg stability module lite (PSM Lite). 

This method has attracted the attention of the community, raising doubts about the security and reliability of the system. EOAs, unlike smart contracts, are standard wallets controlled by a single private key.

This structure lacks advanced security features such as multi-signature authentication or time-lock mechanisms, making the funds more vulnerable to possible exploits or internal abuses.

A user of X (formerly Twitter) has brought the issue to light, highlighting how the use of an EOA for such a significant amount is a risk to the stability of the protocol.

According to critics, this choice exposes the reserves to potential private key compromise or to harmful actions by unauthorized individuals.

Sky has introduced the PSM Lite as part of a migration plan to improve efficiency in managing the peg of its stablecoin to the US dollar.

The new mechanism allows users to exchange USDC and stablecoins at a fixed rate, simplifying operations. However, the initial phase of transferring reserves from the old PSM to the PSM Lite requires that the funds be controlled by an EOA. 

The first tranche of 20 million dollars has already been transferred, but concerns remain. 

Rune Christensen, co-founder of Sky, explained that the private keys necessary to reconstitute the MPC (Multiparty Computation) account were destroyed during the setup process with Coinbase Custody. 

This step eliminates the risk of key compromise, but it does not solve the main problem: who has ultimate control over the wallet?

Security and governance concerns

The concerns are not only about technical security, but also about governance. Users are wondering what measures have been taken to ensure that decisions regarding funds are made transparently and securely.

An additional critical point concerns the possibility of implementing a future freezing function, which could affect users’ trust in the protocol. 

While the debate on reserve management continues, Sky is trying to push an innovative proposal for its tokenomics. 

Christensen has suggested stopping the issuance of new tokens and adopting a deflationary model based solely on burning. 

This approach aims to gradually reduce the total supply of the protocol’s main token, strengthening its intrinsic value.

Christensen clarified that, in case of insolvency risk, the protocol will continue to follow the original model, which involves the issuance of tokens to cover any deficits. 

However, this strategy could conflict with current concerns about governance and transparency, making an open dialogue with the community essential.

The importance of transparency

The issue raised by the use of the EOA to manage such substantial funds highlights a central theme for the blockchain ecosystem: the balance between efficiency and security.

Sky is now facing an important challenge: regaining the trust of the community by demonstrating that its decisions are aligned with the fundamental principles of the blockchain, such as decentralization and transparency.

Responsible management of critical resources is essential to maintain the credibility of any DeFi protocol. 

The community expects Sky to take concrete measures to address the issues raised and ensure that the security of users’ funds is never compromised.

Source: https://en.cryptonomist.ch/2024/12/06/sky-under-accusation-risks-for-an-exploit-of-756-million-dollars-in-usdc-reserves/